<?php
if(defined("IZ_ACCNAME")) {
function showcomment($comment) {
    $return .= '    <li id="'.$comment->id.'"';
    if($r%2 == 0) {
      $return .= ' class="oddcomment"';
    }
    $return .= '><cite><strong>'.dirty($comment->author).'</strong></cite>'."\n".
               '      <br />'."\n".
               '      <strong>'.iz_longdate($comment->posted).'</strong>'."\n";
    if($_SESSION['cpanel'] == 1) {
      $return .= '<a href="javascript:delitem(\''.$comment->id.'\',\'comment\')">'.STR_DELETE.'</a>';
    }
    $return .= '      <p>'.$comment->text.'</p>'."\n".
               '    </li>';
    return $return;
}
function getcomments($id) {
    izsql();
    $commentsql = "SELECT * FROM comments WHERE postid = '".$id."' ORDER BY posted";
    if(IZ_CALMODE == 'mysql') {
      if($_SESSION['MYSQLi']) {
        global $dblink;
        $commentqry = $dblink->query($commentsql);
        if($commentqry->num_rows > 0) {
          $return .= '<div class="containerbox comments">'."\n".
                     '<div class="containertitle">'.STR_COMMENTS.'</div>'."\n".
                     '  <ul class="commentlist">'."\n";
          $r = 1;
          while($comment = $commentqry->fetch_object()) {
            $return .= showcomment($comment);
            $r++;
          }
          $return .= '  </ul>'."\n".
                     '</div><br />'."\n";
        }
        $commentqry->close();
      } else {
        $commentqry = mysql_query($commentsql);
        if((is_resource($commentqry)) && (mysql_num_rows($commentqry) > 0)) {
          $return .= '<div class="containerbox comments">'."\n".
                     '<div class="containertitle">'.STR_COMMENTS.'</div>'."\n".
                     '  <ul class="commentlist">'."\n";
          $r = 1;
          while($comment = mysql_fetch_object($commentqry)) {
            $return .= showcomment($comment);
            $r++;
          }
          $return .= '  </ul>'."\n".
                     '</div><br />'."\n";
        }
      }
    } elseif(IZ_CALMODE == 'postgre') {
      $commentsql = "SELECT * FROM \"comments\" WHERE \"postid\" = '".$id."' ORDER BY \"posted\"";
      $commentqry = pg_query($commentsql);
      if((is_resource($commentqry)) && (pg_num_rows($commentqry) > 0)) {
        $return .= '<div class="containerbox comments">'."\n".
                   '<div class="containertitle">'.STR_COMMENTS.'</div>'."\n".
                   '  <ul class="commentlist">'."\n";
        $r = 1;
        while($comment = pg_fetch_object($commentqry)) {
          $return .= showcomment($comment);
          $r++;
        }
        $return .= '  </ul>'."\n".
                   '</div><br />'."\n";
      }
    } elseif(IZ_CALMODE == 'msq') {
      $commentqry = mssql_query($commentsql);
      if((is_resource($commentqry)) && (mssql_num_rows($commentqry) > 0)) {
        $return .= '<div class="containerbox comments">'."\n".
                   '<div class="containertitle">'.STR_COMMENTS.'</div>'."\n".
                   '  <ul class="commentlist">'."\n";
        $r = 1;
        while($comment = mssql_fetch_object($commentqry)) {
          $return .= showcomment($comment);
          $r++;
        }
        $return .= '  </ul>'."\n".
                   '</div><br />'."\n";
      }
    }
    if($_GET['v'] == 1) { $return .= '<br />'.$commentsql.'<br />'; }
    return $return;
}
function getcommentform($id,$type) {
    $return = '<div class="containerbox">'."\n".
              '  <div class="containertitle">'.STR_ADDCOMMENT.'</div>'."\n".
              '  <form action="'.$_SESSION['IZ_CALURL'].'index.php" method="post" id="commentform">'."\n";
    if($_SESSION['authed'] == 1) {
        $return .= '    <input type="hidden" name="author" value="'.$_SESSION['uname'].'" />'."\n";
    } else {
        $return .= '    <label for="author">'.STR_NAME.'&#58;</label><input type="text" name="author" id="author" class="standard" size="30" />'."\n".
                   '    <div class="inlineerror" id="error_commentauthor">&nbsp;</div><br />'."\n";
    }
    $return .= '    <label for="commenttext">'.STR_COMMENT.'&#58;</label><textarea rows="10" name="commenttext" id="commenttext" class="standard" cols="40"></textarea>'."\n".
               '    <div class="inlineerror" id="error_commenttext">&nbsp;</div><br />'."\n".
               '    <div class="actions" style="border-top: 0;">'."\n".
               '      <button name="act" class="buttonsave" type="submit" value="add">'.STR_ADDCOMMENT.'</button>'."\n".
               '    </div>'."\n".
               '    <input type="hidden" name="itemid" value="'.$id.'" />'."\n".
               '    <input type="hidden" name="comments" value="add" />'."\n";
               if($type == 'event') {
                 $return .= '    <input type="hidden" name="from" value="events-1.act-viewevent.event-'.$id.'" />'."\n";
               } elseif($type == 'todo') {
                 $return .= '    <input type="hidden" name="from" value="todo-1.act-viewtodo.id-'.$id.'" />'."\n";
               }
    $return .= '  </form>'."\n".
               '</div>'."\n";
    return $return;
}
} else {
  // Directly accessed
  header('Location: ../');
} ?>